[Rpm-maint] Porting RPM to Sequoia PGP

Justus Winter justus at sequoia-pgp.org
Mon Nov 1 14:59:15 UTC 2021


Panu Matilainen <pmatilai at redhat.com> writes:

> On 10/25/21 18:06, Justus Winter wrote:
>> Panu Matilainen <pmatilai at redhat.com> writes:
>>>> I have also skimmed RPM's code.  From what I can tell, the relevant code
>>>> is in rpmio/{rpmpgp,rpmkeyring,digest}*, the public API uses the "rpm"
>>>> prefix, "pgp"-prefixed functions and types are hardly used outside of
>>>> the PGP implementation.
>>>
>>> The users of those pgp* functions are not many there are a handful so it
>>> can't be all just thrown away at once. Unfortunately.
>> 
>> Sure, I didn't meant to throw them out, but just review the call sites
>> and maybe make it part of the public API.
>
> Yup, understood. *I* would like to throw them out though :)

Yeah, I can see that now :)

>>>> Looking at the task for roughly an hour or so (so, take it with a grain
>>>> of salt...), my strategy would be to decouple the current implementation
>>>> by clearly defining the public API, then provide a drop-in replacement
>>>> for that API that can be enabled at compile-time.
>>>>
>>>> Does that sound reasonable?
>>>
>>> Decoupling the implementation from the API would be beneficial to rpm in
>>> any case because
>>> a) it'd also enable implementing support for other libraries as well (eg
>>> RNP which is much closer in language family) and as long as the internal
>>> implementation is preserved, bootstrapping with minimal dependencies.
>>> b) doing so tends to have a positive impact on codebase
>>> c) having someone experienced with OpenPGP do it, the resulting API may
>>> even make some sense...
>>>
>>> So while I'm not at all eager to gain a Rust dependency and there'll be
>>> somewhat more (not less) code to maintain, but as per the plan above I
>>> think this sounds like a net positive for us. Always assuming somebody
>>> is willing to do the work that is.
>> 
>> Great.  I'll give it a try and will likely come back with questions in
>> the process.
>> 
>>>> Do you have questions or remarks?  I'm happy to get the discussion
>>>> rolling :)
>>>
>>> As a someone who's been living under a crate when it comes to Rust... I
>>> can see from the Sequoia docs that FFI is used for calling from other
>>> languages and there's a separate C library for this. How's the API
>>> coverage (just curious) and more importantly, stability? And if this is
>>> a shared library then the question extends to ABI stability as well.
>> 
>> That is a good question.  When we started with Sequoia, we imagined
>> having a general-purpose C API.  We started to build one, driven by the
>> needs of our companies C library.  However, it became increasingly clear
>> that a) this is a lot of work, b) the general-purpose interface was
>> quite brittle, and most importantly c) it resulted in a lot of code on
>> the consumer side that would have been much more concise and robust if
>> it would have been written in Rust using the native interface.
>> 
>> Hence, our new strategy is to create point solutions in Rust that expose
>> the exact handful of functions that a project requires.  We have done
>> that for our companies library, and it has greatly improved the quality
>> of the code.  You can see examples of such point solutions here:
>> 
>> https://gitlab.com/teythoon/sequoia-nlnet-encrypt-confirmation
>> https://gitlab.com/wiktor/anonaddy-sequoia
>> 
>> For RPM, this point solution would implement the public functions from
>> rpmio/{rpmpgp,rpmkeyring,digest}*.  This API is internal to RPM, so any
>> changes to the C side would also be made to the Rust side.  Hopefully,
>> the interface will be small and changes seldom.
>
> So... what does this mean in practical terms? Somebody maintains this 
> piece of Rust code externally somewhere? And a versioned shared library 
> + header file is what you get when it's built? Do you have an example of 
> such a point solution for a C/C++ project?

Yes.  This is the point solution for the pEp engine, which is our 

> Just kinda worried about this requirement to sync with an external 
> project in a language none of us knows anything about.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 519 bytes
Desc: not available
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20211101/5f551144/attachment.asc>


More information about the Rpm-maint mailing list